d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Separate the audit(4) tests for auditon(2)'s individual commands

Browse Source 
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event.  Write separate audit(4) tests for each
variant.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16255
This commit is contained in:
asomers 2018-07-20 18:59:48 +00:00
parent 19b90d38e3
commit 2b0104e050
1 changed files with 526 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

580
tests/sys/audit/administrative.c
View File

@ -369,57 +369,6 @@ ATF_TC_CLEANUP(auditctl_failure, tc)
}
ATF_TC_WITH_CLEANUP(auditon_success);
ATF_TC_HEAD(auditon_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call");
}
ATF_TC_BODY(auditon_success, tc)
{
pid = getpid();
au_evclass_map_t evclass;
snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,success", pid);
/* Initialize evclass to get the event-class mapping for auditon(2) */
evclass.ec_number = AUE_AUDITON;
evclass.ec_class = 0;
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(&evclass)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_failure);
ATF_TC_HEAD(auditon_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call");
}
ATF_TC_BODY(auditon_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "auditon.*%d.*return,failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_evclass_map_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(acct_success);
ATF_TC_HEAD(acct_success, tc)
{
@ -791,6 +740,507 @@ ATF_TC_CLEANUP(setaudit_addr_failure, tc)
}
ATF_TC_WITH_CLEANUP(auditon_getpolicy_success);
ATF_TC_HEAD(auditon_getpolicy_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_GETPOLICY");
}
ATF_TC_BODY(auditon_getpolicy_success, tc)
{
int aupolicy;
pid = getpid();
snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*success", pid);
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getpolicy_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getpolicy_failure);
ATF_TC_HEAD(auditon_getpolicy_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_GETPOLICY");
}
ATF_TC_BODY(auditon_getpolicy_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "GPOLICY command.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid argument */
ATF_REQUIRE_EQ(-1, auditon(A_GETPOLICY, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getpolicy_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setpolicy_success);
ATF_TC_HEAD(auditon_setpolicy_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_SETPOLICY");
}
ATF_TC_BODY(auditon_setpolicy_success, tc)
{
int aupolicy;
pid = getpid();
snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*success", pid);
/* Retrieve the current auditing policy, to be used with A_SETPOLICY */
ATF_REQUIRE_EQ(0, auditon(A_GETPOLICY, &aupolicy, sizeof(aupolicy)));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_SETPOLICY, &aupolicy, sizeof(aupolicy)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setpolicy_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setpolicy_failure);
ATF_TC_HEAD(auditon_setpolicy_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_SETPOLICY");
}
ATF_TC_BODY(auditon_setpolicy_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "SPOLICY command.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid argument */
ATF_REQUIRE_EQ(-1, auditon(A_SETPOLICY, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setpolicy_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getkmask_success);
ATF_TC_HEAD(auditon_getkmask_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_GETKMASK");
}
ATF_TC_BODY(auditon_getkmask_success, tc)
{
pid = getpid();
au_mask_t evmask;
snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*success", pid);
bzero(&evmask, sizeof(evmask));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getkmask_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getkmask_failure);
ATF_TC_HEAD(auditon_getkmask_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_GETKMASK");
}
ATF_TC_BODY(auditon_getkmask_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "get kernel mask.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_mask_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_GETKMASK, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getkmask_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setkmask_success);
ATF_TC_HEAD(auditon_setkmask_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_SETKMASK");
}
ATF_TC_BODY(auditon_setkmask_success, tc)
{
pid = getpid();
au_mask_t evmask;
snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*success", pid);
/* Retrieve the current audit mask to be used with A_SETKMASK */
bzero(&evmask, sizeof(evmask));
ATF_REQUIRE_EQ(0, auditon(A_GETKMASK, &evmask, sizeof(evmask)));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_SETKMASK, &evmask, sizeof(evmask)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setkmask_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setkmask_failure);
ATF_TC_HEAD(auditon_setkmask_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_SETKMASK");
}
ATF_TC_BODY(auditon_setkmask_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "set kernel mask.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_mask_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_SETKMASK, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setkmask_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getqctrl_success);
ATF_TC_HEAD(auditon_getqctrl_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_GETQCTRL");
}
ATF_TC_BODY(auditon_getqctrl_success, tc)
{
pid = getpid();
au_qctrl_t evqctrl;
snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*success", pid);
bzero(&evqctrl, sizeof(evqctrl));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getqctrl_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getqctrl_failure);
ATF_TC_HEAD(auditon_getqctrl_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_GETQCTRL");
}
ATF_TC_BODY(auditon_getqctrl_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "GQCTRL command.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_qctrl_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_GETQCTRL, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getqctrl_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setqctrl_success);
ATF_TC_HEAD(auditon_setqctrl_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_SETKMASK");
}
ATF_TC_BODY(auditon_setqctrl_success, tc)
{
pid = getpid();
au_qctrl_t evqctrl;
snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*success", pid);
/* Retrieve the current audit mask to be used with A_SETQCTRL */
bzero(&evqctrl, sizeof(evqctrl));
ATF_REQUIRE_EQ(0, auditon(A_GETQCTRL, &evqctrl, sizeof(evqctrl)));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_SETQCTRL, &evqctrl, sizeof(evqctrl)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setqctrl_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setqctrl_failure);
ATF_TC_HEAD(auditon_setqctrl_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_SETKMASK");
}
ATF_TC_BODY(auditon_setqctrl_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "SQCTRL command.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_qctrl_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_SETQCTRL, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setqctrl_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getclass_success);
ATF_TC_HEAD(auditon_getclass_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_GETCLASS");
}
ATF_TC_BODY(auditon_getclass_success, tc)
{
pid = getpid();
au_evclass_map_t evclass;
snprintf(adregex, sizeof(adregex), "get event class.*%d.*success", pid);
/* Initialize evclass to get the event-class mapping for auditon(2) */
evclass.ec_number = AUE_AUDITON;
evclass.ec_class = 0;
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getclass_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getclass_failure);
ATF_TC_HEAD(auditon_getclass_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_GETCLASS");
}
ATF_TC_BODY(auditon_getclass_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "get event class.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_evclass_map_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_GETCLASS, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getclass_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setclass_success);
ATF_TC_HEAD(auditon_setclass_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_SETCLASS");
}
ATF_TC_BODY(auditon_setclass_success, tc)
{
pid = getpid();
au_evclass_map_t evclass;
snprintf(adregex, sizeof(adregex), "set event class.*%d.*success", pid);
/* Initialize evclass and get the event-class mapping for auditon(2) */
evclass.ec_number = AUE_AUDITON;
evclass.ec_class = 0;
ATF_REQUIRE_EQ(0, auditon(A_GETCLASS, &evclass, sizeof(evclass)));
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_SETCLASS, &evclass, sizeof(evclass)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setclass_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setclass_failure);
ATF_TC_HEAD(auditon_setclass_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_SETCLASS");
}
ATF_TC_BODY(auditon_setclass_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "set event class.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid au_evclass_map_t structure */
ATF_REQUIRE_EQ(-1, auditon(A_SETCLASS, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setclass_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getcond_success);
ATF_TC_HEAD(auditon_getcond_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_GETCOND");
}
ATF_TC_BODY(auditon_getcond_success, tc)
{
int auditcond;
pid = getpid();
snprintf(adregex, sizeof(adregex), "get audit state.*%d.*success", pid);
FILE *pipefd = setup(fds, auclass);
ATF_REQUIRE_EQ(0, auditon(A_GETCOND, &auditcond, sizeof(auditcond)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getcond_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_getcond_failure);
ATF_TC_HEAD(auditon_getcond_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_GETCOND");
}
ATF_TC_BODY(auditon_getcond_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "get audit state.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid argument */
ATF_REQUIRE_EQ(-1, auditon(A_GETCOND, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_getcond_failure, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setcond_success);
ATF_TC_HEAD(auditon_setcond_success, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
"auditon(2) call for cmd: A_SETCOND");
}
ATF_TC_BODY(auditon_setcond_success, tc)
{
int auditcond = AUC_AUDITING;
pid = getpid();
snprintf(adregex, sizeof(adregex), "set audit state.*%d.*success", pid);
FILE *pipefd = setup(fds, auclass);
/* At this point auditd is running, so the audit state is AUC_AUDITING */
ATF_REQUIRE_EQ(0, auditon(A_SETCOND, &auditcond, sizeof(auditcond)));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setcond_success, tc)
{
cleanup();
}
ATF_TC_WITH_CLEANUP(auditon_setcond_failure);
ATF_TC_HEAD(auditon_setcond_failure, tc)
{
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
"auditon(2) call for cmd: A_SETCOND");
}
ATF_TC_BODY(auditon_setcond_failure, tc)
{
pid = getpid();
snprintf(adregex, sizeof(adregex), "set audit state.*%d.*failure", pid);
FILE *pipefd = setup(fds, auclass);
/* Failure reason: Invalid argument */
ATF_REQUIRE_EQ(-1, auditon(A_SETCOND, NULL, 0));
check_audit(fds, adregex, pipefd);
}
ATF_TC_CLEANUP(auditon_setcond_failure, tc)
{
cleanup();
}
/*
* Audit of reboot(2) cannot be tested in normal conditions as we don't want
* to reboot the system while running the tests
@ -958,11 +1408,8 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, nfs_getfh_failure);
ATF_TP_ADD_TC(tp, acct_success);
ATF_TP_ADD_TC(tp, acct_failure);
ATF_TP_ADD_TC(tp, auditctl_success);
ATF_TP_ADD_TC(tp, auditctl_failure);
ATF_TP_ADD_TC(tp, auditon_success);
ATF_TP_ADD_TC(tp, auditon_failure);
ATF_TP_ADD_TC(tp, getauid_success);
ATF_TP_ADD_TC(tp, getauid_failure);
@ -979,6 +1426,31 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, setaudit_addr_success);
ATF_TP_ADD_TC(tp, setaudit_addr_failure);
ATF_TP_ADD_TC(tp, auditon_getpolicy_success);
ATF_TP_ADD_TC(tp, auditon_getpolicy_failure);
ATF_TP_ADD_TC(tp, auditon_setpolicy_success);
ATF_TP_ADD_TC(tp, auditon_setpolicy_failure);
ATF_TP_ADD_TC(tp, auditon_getkmask_success);
ATF_TP_ADD_TC(tp, auditon_getkmask_failure);
ATF_TP_ADD_TC(tp, auditon_setkmask_success);
ATF_TP_ADD_TC(tp, auditon_setkmask_failure);
ATF_TP_ADD_TC(tp, auditon_getqctrl_success);
ATF_TP_ADD_TC(tp, auditon_getqctrl_failure);
ATF_TP_ADD_TC(tp, auditon_setqctrl_success);
ATF_TP_ADD_TC(tp, auditon_setqctrl_failure);
ATF_TP_ADD_TC(tp, auditon_getclass_success);
ATF_TP_ADD_TC(tp, auditon_getclass_failure);
ATF_TP_ADD_TC(tp, auditon_setclass_success);
ATF_TP_ADD_TC(tp, auditon_setclass_failure);
ATF_TP_ADD_TC(tp, auditon_getcond_success);
ATF_TP_ADD_TC(tp, auditon_getcond_failure);
ATF_TP_ADD_TC(tp, auditon_setcond_success);
ATF_TP_ADD_TC(tp, auditon_setcond_failure);
ATF_TP_ADD_TC(tp, reboot_failure);
ATF_TP_ADD_TC(tp, quotactl_failure);
ATF_TP_ADD_TC(tp, mount_failure);